I thought I would add a bit more to my original post to clarify the problem. Half of the problem is the way Windows searches paths, and the other half is software developers who don’t quote their paths in the Registry or when calling CreateProcess. There are no built-in Windows services that have this problem and this issue has been documented for over a decade.

I mentioned that Microsoft has made some improvements with each version of Windows. These are as follows:

• The message box warning you of a file named program.exe started with Windows 2000 (or possible a late NT4 service pack)
• Windows XP and 2003 introduced tighter permissions that only allowed authenticated users to add files to the root directory
• Microsoft Security Bulletin MS02-064 added those same stronger permissions to Windows 2000 systems
• Windows Vista now prevents non-admin users from creating files in the root directory

While these are definitely good preventions, the underlying problem issue is still there. Anyone who changes these default permissions might make the system vulnerable. Furthermore, there are likely paths that contain spaces that would still be vulnerable.

My purpose in posting this is to remind people of this problem because software developers are still making the mistake of not quoting paths. My other purpose is to bring up the possibility that maybe something more should be done on the Windows side because this could potentially be a problem for years to come.

Related posts

• No related posts.